RE: ACTION 813 - https link re-writing

Good text Heiko, thanks.

Re OPEN TO DISCUSS proxy-mode; technically it is not possible to adapt anything inside an HTTPS link. All the proxy can see is a source IP address, a destination IP address and a stream of encrypted bytes. That's why any HTTPS adaptation *has* to be done in link-mode.

Thanks,

Rob

--
OPENWAVE

Dr Robert Finean
OpenWeb Product Manager

+44 7932 019 367
rob.finean@openwave.com
www.openwave.com


-----Original Message-----
From: public-bpwg-ct-request@w3.org [mailto:public-bpwg-ct-request@w3.org] On Behalf Of Gerlach, Heiko, VF-Group
Sent: Wed 16 July 2008 08:06
To: public-bpwg-ct@w3.org
Subject: ACTION 813 - https link re-writing


Hi All,

Please see below:

3.3.6.2: 
New:
Due to the nature of a transforming proxy, there will not be end to end security for HTTPS, when content transformation will be applied.

If the response contains links whose URIs have the scheme https the proxy may only rewrite them so that it can transform the content, if it meets the following provision: 

If a proxy does rewrite such links, it must advise the user of the security implications of doing so and must provide the option to avoid decryption and transformation of the resources the links refer to, by bypassing the CT proxy for accessing the original content without touching the proxy.

Note: If the user decides for the latter option, the session might never return back to content transcoding, based on the technical integration of the CT proxy (link mode)

OPEN TO DISCUSS: How about proxy mode integration??? Do we need to menntion those tech integration options?


Old:
If the response contains links whose URIs have the scheme https the proxy may only rewrite them so that it can transform the content, if it meets the following provision. If a proxy does rewrite such links, it must advise the user of the security implications of doing so and must provide the option to avoid decryption and transformation of the resources the links refer to.


Cheeers

Heiko Gerlach 
Vendor Manager / Product Owner
Global Consumer Internet Services & Platforms 
Tel: +49 211 820 2168 
Fax: +49 211 820 2141 
Mobile +49 172 20 40 50 7 
E-Mail: heiko.gerlach@vodafone.com 
  

Vodafone Group Services GmbH
Mannesmannufer 2, D-40213 Düsseldorf
Amtsgericht Düsseldorf, HRB 53554 
Geschäftsführung: Dr. Joachim Peters, Rainer Wallek
 
 
This message and any files or documents attached are confidential and may also be legally privileged or protected by other legal rules. It is intended only for the individual or entity named. If you are not the named addressee or you have received this email in error, please inform the sender immediately, delete it from your system and do not copy or disclose it or its contents or use it for any purpose. Thank you.  Please also note that transmission cannot be guaranteed to be secure or error- 

Received on Wednesday, 16 July 2008 10:15:17 UTC